{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/divvydrive-4.8.2.9--4.8.3.2/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-5784"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["DivvyDrive (4.8.2.9 \u003c 4.8.3.2)"],"_cs_severities":["medium"],"_cs_tags":["xss","stored-xss","web-application"],"_cs_type":"advisory","_cs_vendors":["DivvyDrive Information Technologies Inc."],"content_html":"\u003cp\u003eDivvyDrive, a product of DivvyDrive Information Technologies Inc., is vulnerable to a stored cross-site scripting (XSS) vulnerability. This flaw, identified as CVE-2026-5784, arises from the improper neutralization of input during web page generation. Specifically, DivvyDrive versions from 4.8.2.9 before 4.8.3.2 are affected. An attacker can inject malicious scripts into the application, which are then stored and executed when other users interact with the affected content. This can lead to session hijacking, defacement, or redirection to malicious sites. \nThe vulnerability was reported by the Computer Emergency Response Team of the Republic of Turkey.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies an input field within DivvyDrive (versions 4.8.2.9 to 4.8.3.1) that does not properly sanitize user-supplied data.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious payload containing JavaScript code.\u003c/li\u003e\n\u003cli\u003eThe attacker injects the malicious payload into the vulnerable input field (e.g., a comment, profile field, or document name).\u003c/li\u003e\n\u003cli\u003eThe application stores the attacker\u0026rsquo;s payload in the database without proper sanitization.\u003c/li\u003e\n\u003cli\u003eA legitimate user accesses the page or feature where the malicious payload is stored and displayed.\u003c/li\u003e\n\u003cli\u003eThe user\u0026rsquo;s web browser executes the attacker\u0026rsquo;s JavaScript code.\u003c/li\u003e\n\u003cli\u003eThe malicious script can perform actions such as stealing the user\u0026rsquo;s session cookies.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen cookies to impersonate the user and gain unauthorized access to their account.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this stored XSS vulnerability (CVE-2026-5784) in DivvyDrive could allow an attacker to execute arbitrary JavaScript code in the context of other users\u0026rsquo; browsers. This could lead to account compromise, session hijacking, defacement of the DivvyDrive instance, or redirection of users to malicious websites. \nThe CVSS v3.1 base score is rated as 8.8 (High), indicating a significant risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade DivvyDrive to version 4.8.3.2 or later to remediate the XSS vulnerability (CVE-2026-5784).\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to monitor for suspicious web requests containing common XSS payloads.\u003c/li\u003e\n\u003cli\u003eImplement robust input validation and output encoding mechanisms to prevent XSS attacks.\u003c/li\u003e\n\u003cli\u003eRegularly review and update security practices to mitigate the risk of similar vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-07T13:16:13Z","date_published":"2026-05-07T13:16:13Z","id":"/briefs/2026-05-divvy-drive-xss/","summary":"DivvyDrive versions 4.8.2.9 before 4.8.3.2 are susceptible to stored cross-site scripting (XSS) due to improper neutralization of user-supplied input during web page generation, potentially allowing attackers to execute arbitrary JavaScript in a user's browser.","title":"DivvyDrive Stored XSS Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-divvy-drive-xss/"}],"language":"en","title":"CraftedSignal Threat Feed — DivvyDrive (4.8.2.9 \u003c 4.8.3.2)","version":"https://jsonfeed.org/version/1.1"}